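def discover_new_binaries(self):
    """
    Find other binaries within the firmware sample that have data dependencies
    with those associated with a CPF object.

    For each SETTER entry in ``self._role_info`` whose data key passes the
    ``_seen_strings`` test below, the tree under ``self._fw_path`` is searched
    with ``grep -r``. Paths reported as matching binary files are collected,
    except those containing ``LIB_KEYWORD``.

    :return: a list of binaries (de-duplicated, in no particular order)
    """
    # Function-scope import: the file's import block is not visible from here.
    import shlex

    bins = []
    self._log.debug("Discovering new binaries.. this might take a while.. take a coffee.")

    for r_info in self._role_info.values():
        for info in r_info:
            data_key = info[RoleInfo.DATAKEY]
            role = info[RoleInfo.ROLE]

            # NOTE(review): the test is `in`, not `not in`, so a key is only
            # searched when it is already recorded and is then appended again.
            # This looks inverted; left unchanged pending confirmation.
            if not (role == Role.SETTER and data_key and data_key in self._seen_strings):
                continue

            self._seen_strings.append(data_key)
            self._log.debug(f"New data key: {str(data_key)}")

            # data_key is a string recovered from the firmware under analysis,
            # i.e. untrusted input. It is shell-quoted so that quotes or shell
            # metacharacters inside it cannot change the command, and passed
            # via -e so that a key starting with '-' is not read as an option.
            # NOTE(review): the pipeline relies on grep printing
            # "Binary file <path> matches" on stdout. Newer GNU grep releases
            # reword that message and send it to stderr, which would yield no
            # candidates; verify against the grep in the analysis environment.
            # awk's $3 also truncates paths that contain whitespace.
            cmd = (
                f"grep -r -e {shlex.quote(data_key)} {shlex.quote(self._fw_path)}"
                " | grep Binary | awk '{print $3}'"
            )
            out, _err = run_command(cmd)
            candidate_bins = {line for line in out.decode().split('\n') if line}

            for b in candidate_bins:
                # optimization: this is handled by angr anyway
                if LIB_KEYWORD in b or b in bins:
                    continue
                self._log.debug(f"Adding {os.path.basename(b)}")
                bins.append(b)

    return list(set(bins))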
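def discover_new_binaries(self):
    """
    Discovers new binaries within the firmware sample that exchange data through
    the OS environment with the current binary.

    For every SETTER role with a function name and a data key not yet in
    ``self._seen_strings``, the firmware tree is searched for binary files that
    contain both the data key and the "dual" function name (``name_fun`` with
    ``M_SET_KEYWORD`` replaced by ``M_GET_KEYWORD``). Each candidate is then
    confirmed with ``self._is_getter_of``.

    :return: a list of binaries (de-duplicated, in no particular order)
    """
    # Function-scope import: the file's import block is not visible from here.
    import shlex

    bins = []
    self._log.debug("Discovering new binaries.. this might take a while.. take a coffee.")

    for role, data_key, name_fun in zip(self._roles, self._data_keys, self._name_funs):
        if data_key in self._seen_strings:
            continue
        if not (role == Role.SETTER and name_fun and data_key):
            continue

        self._log.debug(f"New data key: {str(data_key)}")
        self._seen_strings.append(data_key)
        dual_fun = Environment.case_sensitive_replace(name_fun, M_SET_KEYWORD, M_GET_KEYWORD)

        # data_key and dual_fun derive from the firmware under analysis and are
        # therefore untrusted. They are shell-quoted and passed with -e so they
        # are always treated as patterns. $(...) replaces backticks because
        # quoting inside a backtick substitution is not reliable when the
        # quoted text itself contains a backtick or backslash. "$file" is
        # quoted so a candidate path is not expanded again by the shell.
        # NOTE(review): relies on grep printing "Binary file <path> matches"
        # on stdout. Newer GNU grep releases reword that message and send it
        # to stderr; verify against the grep in the analysis environment.
        cmd = (
            f"for file in $(grep -r -e {shlex.quote(data_key)} {shlex.quote(self._fw_path)}"
            " | grep Binary | awk '{print $3}'); do"
            f" grep -e {shlex.quote(dual_fun)} \"$file\""
            " | grep Binary | awk '{print $3}'; done;"
        )
        out, _err = run_command(cmd)
        candidate_bins = {line for line in out.decode().split('\n') if line}

        for b in candidate_bins:
            self._log.debug(f"Checking binary {b} ")
            if LIB_KEYWORD in b or b in bins:
                continue
            # The grep hit is only a textual match; keep the binary only if the
            # getter check confirms it.
            if self._is_getter_of(b, data_key):
                self._log.debug(f"Adding {os.path.basename(b)}")
                bins.append(b)

    return list(set(bins))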
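def discover_new_binaries(self):
    """
    Discover new binaries within the firmware sample that have data dependency
    with the current one.

    For every distinct (role, data key) pair where the role is SETTER and the
    key is not yet in ``self._seen_strings``, the firmware tree is searched for
    binary files containing both the key and one of the names in
    ``M_GET_KEYWORD``. Each candidate is then confirmed with
    ``self._is_getter_of``.

    :return: a list of binaries (de-duplicated, in no particular order)
    """
    # Function-scope import: the file's import block is not visible from here.
    import shlex

    bins = []
    self._log.debug("Discovering new binaries.. this might take a while.. take a coffee.")

    for role, data_key in set(zip(self._roles, self._data_keys)):
        if not (role == Role.SETTER and data_key):
            continue
        if data_key in self._seen_strings:
            continue

        self._log.debug(f"New data key: {str(data_key)}")
        self._seen_strings.append(data_key)

        # data_key comes from the firmware under analysis (untrusted), so it is
        # shell-quoted and passed with -e. $(...) replaces backticks because
        # quoting inside a backtick substitution is not reliable when the
        # quoted text contains a backtick or backslash.
        key_arg = shlex.quote(data_key)
        fw_arg = shlex.quote(self._fw_path)

        candidate_bins = set()
        for get_f in M_GET_KEYWORD:
            # NOTE(review): relies on grep printing "Binary file <path> matches"
            # on stdout. Newer GNU grep releases reword that message and send
            # it to stderr; verify against the grep in the analysis
            # environment.
            cmd = (
                f"for file in $(grep -r -e {key_arg} {fw_arg}"
                " | grep Binary | awk '{print $3}'); do"
                f" grep -e {shlex.quote(get_f)} \"$file\""
                " | grep Binary | awk '{print $3}'; done;"
            )
            out, _err = run_command(cmd)
            candidate_bins.update(line for line in out.decode().split('\n') if line)

        for b in candidate_bins:
            if LIB_KEYWORD in b or b in bins:
                continue
            # A textual match is not enough; keep only confirmed getters.
            if self._is_getter_of(b, data_key):
                self._log.debug(f"Adding {os.path.basename(b)}")
                bins.append(b)

    return list(set(bins))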
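def discover_new_binaries(self):
    """
    Discover other binaries within the firmware sample using the same data keys.

    For every SETTER role with a data key, each entry of ``self._bindings`` is
    used to look for binary files that contain ``binding[1]`` as text and
    ``binding[0]`` packed little-endian at the project's word size, matched
    against ``xxd`` output.

    :return: a list of binaries (de-duplicated, in no particular order).
    :raises Exception: if the architecture is neither 32 nor 64 bits.
    """
    # Function-scope import: the file's import block is not visible from here.
    import shlex

    bins = []
    self._log.debug("Discovering new binaries.. this might take a while.. take a coffee.")

    for role, data_key in zip(self._roles, self._data_keys):
        if not (role == Role.SETTER and data_key):
            continue

        # NOTE(review): data_key is not part of the command below, so every
        # qualifying role repeats the same searches over self._bindings.
        for binding in self._bindings:
            # write the port in the xxd tool format
            if self._p.arch.bits == 32:
                val = struct.pack('<I', binding[0]).hex()
            elif self._p.arch.bits == 64:
                val = struct.pack('<Q', binding[0]).hex()
            else:
                raise Exception("Unsupported number of bits")

            # xxd prints hex in groups of four digits separated by one space.
            to_look_val = ' '.join(val[i:i + 4] for i in range(0, len(val), 4))

            # binding[1] is data recovered from the firmware (untrusted), so it
            # is shell-quoted and passed with -e. $(...) replaces backticks
            # because quoting inside a backtick substitution is not reliable
            # when the quoted text contains a backtick or backslash. "$file"
            # is quoted so a path is not expanded again by the shell.
            # NOTE(review): grep -r is given no directory, so it searches the
            # current working directory rather than self._fw_path. TODO:
            # confirm this is intended.
            # NOTE(review): relies on grep printing "Binary file <path> matches"
            # on stdout. Newer GNU grep releases reword that message and send
            # it to stderr; verify against the grep in the analysis
            # environment.
            cmd = (
                f"for file in $(grep -r -e {shlex.quote(binding[1])}"
                " | grep Binary | awk '{print $3}'); do "
                f"res=$(xxd \"$file\" | grep -e {shlex.quote(to_look_val)}); "
                'if [ -n "$res" ]; then echo "$file"; fi; done;'
            )
            out, _err = run_command(cmd)
            candidate_bins = {line for line in out.decode().split('\n') if line}

            for b in candidate_bins:
                if LIB_KEYWORD in b or b in bins:
                    continue
                self._log.debug(f"Adding {os.path.basename(b)}")
                bins.append(b)

    return list(set(bins))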
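def discover_new_binaries(self):
    """
    Discover other binaries within the firmware sample using the same data keys.

    For every SETTER role that has both a file name and a data key, the tree
    under ``self._fw_path`` is searched with ``grep -r`` for binary files that
    mention the file name. Paths containing ``LIB_KEYWORD`` are skipped.

    :return: a list of binaries (de-duplicated, in no particular order).
    """
    # Function-scope import: the file's import block is not visible from here.
    import shlex

    bins = []
    self._log.debug("Discovering new binaries.. this might take a while.. take a coffee.")

    for role, data_key, name_file in zip(self._roles, self._data_keys, self._name_files):
        if not name_file or not data_key:
            continue
        if role != Role.SETTER:
            continue

        # The original wrapped the string concatenation in a bare `except:`
        # that dumped both values to a hard-coded file under /mnt/shared and
        # moved on. The only failure that concatenation can hit is a
        # non-string operand, so test for that explicitly and report it
        # through the logger instead of writing to a fixed path.
        if not isinstance(name_file, str) or not isinstance(self._fw_path, str):
            self._log.debug(
                f"Skipping entry: namefile {str(name_file)} fw_path {str(self._fw_path)}"
            )
            continue

        # name_file is recovered from the firmware under analysis (untrusted),
        # so it is shell-quoted and passed with -e. Quotes or shell
        # metacharacters inside it then cannot alter the command.
        # NOTE(review): relies on grep printing "Binary file <path> matches" on
        # stdout. Newer GNU grep releases reword that message and send it to
        # stderr; verify against the grep in the analysis environment.
        cmd = (
            f"grep -r -e {shlex.quote(name_file)} {shlex.quote(self._fw_path)}"
            " | grep Binary | awk '{print $3}'"
        )
        out, _err = run_command(cmd)
        candidate_bins = {line for line in out.decode().split('\n') if line}

        for b in candidate_bins:
            if LIB_KEYWORD in b or b in bins:
                continue
            self._log.debug(f"Adding {os.path.basename(b)}")
            bins.append(b)

    return list(set(bins))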